Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kapp-controller should look up addition imagePullSecrets from the ServiceAccount performing installation of the Package #1370

Open
dprotaso opened this issue Oct 19, 2023 · 2 comments
Labels
carvel-accepted This issue should be considered for future work and that the triage process has been completed enhancement This issue is a feature request

Comments

@dprotaso
Copy link

Describe the problem/challenge you have

It would be useful if kapp-controller could leverage the imagePullSecrets on ServiceAccounts in order to pull imgpkgBundles or images. This means I wouldn't have to specify the secret in every fetch stanza

This would make it easier to use kapp-controller without requiring secretgen controller and provide finer grained control over how secrets are being used.

Describe the solution you'd like

Steps for adding the imagePullSecret is here - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account

Anything else you would like to add:

Note the precendence for this is that the Pods are able to pull images from private registries from two places - eithe the imagePullSecrets on the PodSpec or from imagePullSecets on the ServiceAccount.

It's not an either or but instead K8s will coalesce these secrets and try them all until one works.

eg. see the logic in the following files:
https://github.com/kubernetes/kubernetes/blob/d953755686d64207740c15c7eb1599f874f29243/pkg/credentialprovider/keyring.go#L81
https://github.com/kubernetes/kubernetes/blob/d953755686d64207740c15c7eb1599f874f29243/pkg/credentialprovider/keyring.go#L238


Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help working on this issue.

@dprotaso dprotaso added carvel-triage This issue has not yet been reviewed for validity enhancement This issue is a feature request labels Oct 19, 2023
@renuy renuy moved this to To Triage in Carvel Nov 16, 2023
Copy link

This issue is being marked as stale due to a long period of inactivity and will be closed in 5 days if there is no response.

@github-actions github-actions bot added the stale This issue has had no activity for a while and will be closed soon label Nov 29, 2023
@dprotaso
Copy link
Author

This shouldn't go stale - are we able to prioritize this

@github-actions github-actions bot removed the stale This issue has had no activity for a while and will be closed soon label Nov 30, 2023
@renuy renuy added carvel-accepted This issue should be considered for future work and that the triage process has been completed and removed carvel-triage This issue has not yet been reviewed for validity labels Dec 5, 2023
@renuy renuy moved this from To Triage to Prioritized Backlog in Carvel Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
carvel-accepted This issue should be considered for future work and that the triage process has been completed enhancement This issue is a feature request
Projects
Status: Prioritized Backlog
Development

No branches or pull requests

2 participants